Security

I need some more coffee – reading the PayPal fob.

I was using my PayPal fob to sign into my MovableType 4 test installation and I entered the 6-digit code. I was surprised to see that Verisign rejected it. “That’s odd” I thought, until I realised I was holding the fob upside down and the numbers just happened to be readable that way up too! It is obviously too early in the morning to be debugging CSS code – so sorry Neil!

Some users w/don’t learn.

We all know that you should have good secure passwords and you can enforce this in Active Directory, but it is the other applications on the network that might raise a concern.
I got a helpdesk ticket saying that the password for a Peachtree database was not the normal one….the password that was the same as the company name! After trying password, then no password, I discovered that a Google search for Peachtree password removers comes up with tons of hits but no free ones. The shareware ones were about 60 bucks for a corporate licence but about $30 for personal use. However, one of them would demonstrate that it could actually break the password by revealing the first two characters of the password. I thought this might give me and the user a clue as to what the password could be. When the first two characters were revealed to be 12 it didn’t take the user long to realise what the password was and they got it on the first attempt.
Sometimes it is really hard to demonstrate the reasons that passwords should be used and you would have thought that the importance of security and a good password for company financial data would be recognised…
I wonder what will happen if at the next Board meeting I do a demonstration of insecurity with LIVE data…..

Get NoScript installed in Firefox!

There’s a new zero-day exploit for Firefox and Internet Explorer which involves JavaScript. So if you are running Firefox, then installing NoScript will give you added protection. If you are running IE – then ooooooops 🙂

Having said that, it doesn’t look that malicious – you would have to be tricked into entering data into one page, which can then be sent to the malicious site at the same time, so you are probably only at risk if you do random surfing or surf in dodgy web site areas in the first place – and if you are doing that then I really hope you are not running Internet Explorer (or as an admin!)

How not to handle data loss

I had the misfortune to have to deal with a user who had received an email after their data was stolen from the University of Texas. The email mentioned that their username and email address had been divulged to unauthorised users.
Unfortunately the way the email was sent out to the user, it looked just like a phishing scam. The email contained references to http://www.mccombs.utexas.edu/datatheft/ but if you looked at where the link would take you, it actually went to a convio.com address.
As this is a typical phishing mechanism I did a bit of digging. A whois lookup on convio.com provided an IT contact and the fact that the domain had been registered for 6 years, which therefore implied that their server might have been hacked.
I contacted Convio and received a return phone call where I was told that a lot more data had been revealed (depending on what data was stored on the server) and that the email was genuine.
After that I received two phone calls from a call center that was set up to answer queries about the data theft. The scary thing is that their records show I requested contact about the problem but they didn’t update the records that someone had already contacted me. It would also make sense to ensure that the users who are manning the call center can actually pronounce the names of the companies involved in the whole farce!

I was also amazed to see that the University are not offering free credit monitoring or any other form of compensation to the affected users – instead they are just given (more redirected) links to a reduced fee.

All the above makes a mockery of the comments on the University website that can be found on Google, and the REALLY scary thing is that the server was hacked more than a month ago (April 11th), they announced it on April 23rd and they didn’t contact the user until May 25th (see Attrition for details).
Oh – and there are another 197,000 users also affected – still, that’s small change in the amount of 81,822,769 that have been affected since the Choicepoint breach in Feb 05.

Printing now works in the kiosk mode

I forgot to blog that we fixed the problem with not being able to use Ctrl-P to print in Internet Explorer with a kiosk group policy on a machine. The solution, which sort of makes sense, was to enable the File menu again. We had restricted this but for some reason this also restricts Ctrl-P, Ctrl-S and other shortcuts on some sites. By enabling the File menu in the group policy everything worked 100% of the time. Further details in the extended entry.

More online publishing.

My tip on passwords was published in Redmond magazine the other week and is available online. Shouldn’t be too hard to work out which tip I posted. Note to current employers – doesn’t mean that I’m using this function now – especially as Symantec Antivirus is crazy enough to think that certain tools are viruses and deletes them!

MORE Windows patches

Microsoft released 2 more patches yesterday – the day after I managed to schedule a lot of reboots for my customers for the WMF patch. Thankfully it looks like the machines may not need rebooting, judging by my XP desktop experience. Hopefully the same will hold true for the server.
I had one customer box not reboot overnight because the boot.ini had been mysteriously changed to boot to a (non-existent) Windows 2000 installation. Fortunately the customer mentioned (when I rang them early this morning) that the problem of not finding ntkernel.exe is solved by selecting the other option in the boot sequence….I’m glad they told me this but it would have been better if they had mentioned the problem before so I wouldn’t have had to get up early this morning in case I needed to make an emergency stop at their site…..so instead I’m catching up on some blogging.

I must be the only person in the world who wasn’t pleased that Microsoft released the WMF patch early on Thursday last week. Everyone else seems to be so grateful that this happened but it was a nightmare for me. Thursday night I was doing a software audit on a LAN and I left it scanning the machines overnight. I came in the next morning expecting to sit down and start analyzing only to find that the machine had downloaded the new patch and automatically rebooted – losing all the scanning results so I had to start again – not so happy. Before you tell me that you can set automatic updates to not do the reboot – I know – this was on a machine outside of my control AND Microsoft had also previously announced that the patch would not be ready until Tuesday.